mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-27 13:53:31 +01:00
Merge branch 'maint-0.4.8'
This commit is contained in:
commit
bd8915ad8d
3
changes/ticket40874
Normal file
3
changes/ticket40874
Normal file
@ -0,0 +1,3 @@
|
||||
o Major bugfixes (TROVE-2023-004, relay):
|
||||
- Mitigate an issue when Tor compiled with OpenSSL can crash during
|
||||
handshake with a remote relay. Fixes bug 40874; bugfix on 0.2.7.2-alpha.
|
@ -414,6 +414,7 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
|
||||
log_fn(LOG_PROTOCOL_WARN, LD_OR, "Somebody asked us for an older TLS "
|
||||
"authentication method (AUTHTYPE_RSA_SHA256_TLSSECRET) "
|
||||
"which we don't support.");
|
||||
goto err;
|
||||
}
|
||||
} else {
|
||||
char label[128];
|
||||
|
@ -1651,9 +1651,35 @@ tor_tls_get_tlssecrets,(tor_tls_t *tls, uint8_t *secrets_out))
|
||||
const size_t client_random_len = SSL_get_client_random(ssl, NULL, 0);
|
||||
const size_t master_key_len = SSL_SESSION_get_master_key(session, NULL, 0);
|
||||
|
||||
tor_assert(server_random_len);
|
||||
tor_assert(client_random_len);
|
||||
tor_assert(master_key_len);
|
||||
if (BUG(! server_random_len)) {
|
||||
log_warn(LD_NET, "Missing server randomness after handshake "
|
||||
"using %s (cipher: %s, server: %s) from %s",
|
||||
SSL_get_version(ssl),
|
||||
SSL_get_cipher_name(ssl),
|
||||
tls->isServer ? "true" : "false",
|
||||
ADDR(tls));
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (BUG(! client_random_len)) {
|
||||
log_warn(LD_NET, "Missing client randomness after handshake "
|
||||
"using %s (cipher: %s, server: %s) from %s",
|
||||
SSL_get_version(ssl),
|
||||
SSL_get_cipher_name(ssl),
|
||||
tls->isServer ? "true" : "false",
|
||||
ADDR(tls));
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (BUG(! master_key_len)) {
|
||||
log_warn(LD_NET, "Missing master key after handshake "
|
||||
"using %s (cipher: %s, server: %s) from %s",
|
||||
SSL_get_version(ssl),
|
||||
SSL_get_cipher_name(ssl),
|
||||
tls->isServer ? "true" : "false",
|
||||
ADDR(tls));
|
||||
return -1;
|
||||
}
|
||||
|
||||
len = client_random_len + server_random_len + strlen(TLSSECRET_MAGIC) + 1;
|
||||
tor_assert(len <= sizeof(buf));
|
||||
|
Loading…
Reference in New Issue
Block a user